Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware

Threat actors have been observed compromising vulnerable Microsoft SQL servers and infecting them with FARGO ransomware. Disrupting database servers can lead to significant disruption of business operations. They are often compromised via brute force, dictionary attacks, or by exploiting unpatched vulnerabilities. According to security researchers at AhnLab, this attack chain involves downloading a .Net file and PowerShell, followed by the execution of a BAT file, which eventually leads to the deployment of the FARGO ransomware and a ransom note on a victim’s device. To defend against this activity, users are encouraged to use complex and unique passwords and keep all devices up to date with the latest security patches. Read more at BleepingComputer.